Discover how DirectDefense is pushing the boundaries of AI innovation and revolutionizing various sectors.
Greetings Jim,
Kindly brief us about yourself and your role as the President and CTO at DirectDefense.
As President and CTO of DirectDefense, my main responsibilities are to oversee the strategic direction of the company and ensure that we are delivering the highest quality services to our clients. I lead and work with an amazing team of security practitioners that bring years of experience in enterprise risk assessments, penetration testing, ICS/SCADA security services, monitoring and protecting organizations from a variety of threats, and assisting organizations in establishing and implementing security strategies.
What inspired you to pursue a career in cybersecurity, and what are the most exciting developments in the field today?
I’ve been in the cybersecurity industry since the early 90s, before it was recognized as an industry. I was fortunate enough to witness the formation of the industry and have been a part of it ever since. I started out working for one of the first resellers of Checkpoint in the U.S. and we eventually became one of the first MSSPs in the country, providing managed firewall services. I also helped companies like Checkpoint and ISS establish training courses for their products.
Later on, I transitioned to the offensive side as a penetration tester and security researcher for ISS and Accuvant. Through my experiences, I developed my soft skills and management skills, learning all aspects of the business and addressing major challenges such as team skills development, optimizing delivery processes, networking to staff as demand grew, and creating and selling services to clients big and small.
Today, the most exciting development in the field is the recognition that while technology does amazing things, the solution to security problems is people, processes, and technology. As a result, finding and nurturing quality people will always be a challenge and exciting opportunity for those entering what we now call an industry.
How does DirectDefense incorporate AI into its products and services, and what benefits does this provide to your customers?
In addition to reselling and utilizing products that already have AI and ML built-in, such as SIEMs, EDRs, and email security platforms, we also use AI in our case management and event enrichment processes for our MDR offering and in our penetration testing activities.
By leveraging AI, we can provide our customers with several benefits. For example, our MDR solution can quickly and accurately detect and respond to threats, reducing the time it takes to identify and mitigate potential security incidents.
Being a thought leader, how do you strategize to bring to light DirectDefense’s mission and vision?
Our strategy for promoting DirectDefense’s mission and vision is to emphasize our consultative and personalized approach to all of our services. We understand that each of our clients has unique needs, and we provide a “white glove” service by supporting custom alerts, playbooks, and responses. Most of our competitors don’t, because it can be a challenge to train 50-100 analysts how one client wants to uniquely handle a single event. We have also developed our own case management solution that allows us to share and maintain consistency among our team with client-specific requests.
In addition, we prioritize communication with our clients and require regular feedback from them. This may seem obvious, but it’s something that our clients often mention as a key differentiator between us and our competition. Frequent and transparent communication is critical to building trust and maintaining strong client relationships.
While compliance is a key factor in securing funding, we take a tactical approach to aid our clients in maintaining their compliance standards, when a large number of the MDR/MSSP providers may not. For example, we report every time a new domain admin account is created, which is a requirement for most compliance standards, even if there is no indication of compromise. Unlike many of our competitors, we do not only report events with indications of compromise, but we also report on events that are necessary for the day-to-day reporting requirements for regulated customers.
We are dedicated to being a reliable guardian against bad events while also supporting our clients’ business and unique needs.
How according to you does DirectDefense elevate security posture to a higher standard of protection and help cyber security resilience?
Since many clients come to us as a byproduct of having a security event like ransomware, we have the benefit of assisting them in acquiring security visibility through the deployment of a series of technologies, like a SIEM or EDR solution, as well as a vulnerability management process. By establishing a vulnerability management process post-incident and enriching this visibility with threat intelligence feeds into both the SOC via the SIEM and EDR solution and in their vulnerability management process, we establish a solid foundation for continuous assessment and improvement of our clients’ security resilience.
For clients seeking single-point solutions such as a SIEM or SOC, we rely on external threat intelligence feeds and limited enumeration/testing to augment security visibility into SOC and knowledge base about the customer.
In your opinion, how important is it to augment AI and ML in a way that they can be utilized to their fullest potential and not be a substitute for human skills?
AI and ML are valuable tools that can greatly improve information security practices and procedures. However, it is important to recognize that these technologies are not a substitute for human skills. Rather, they should be used to augment and enrich human capabilities.
One way to achieve this is by utilizing AI and ML for threat modeling and vulnerability analysis. By simulating various scenarios, AI can identify potential vulnerabilities and threats to an organization’s information security. This capability can help organizations better understand their security posture and identify areas that need improvement.
AI and ML can also be used for security awareness training. AI can help security practitioners develop interactive and engaging training programs for employees, which can help them understand the importance of following security policies and procedures and recognize and avoid common security threats.
Another way to utilize AI and ML is in incident response planning to develop tailored plans that are specific to an organization’s needs. This can help them respond more effectively to security incidents and minimize the impact of any breaches or attacks.
In addition, AI, like ChatGPT, can assist in security policy development by analyzing data and feedback from employees to create policies that are more user-friendly while still being effective at protecting sensitive information.
Finally, AI can be used for automated threat detection and response. By developing automated systems that can quickly identify and respond to potential security threats, organizations can reduce the time it takes to detect and respond to security incidents, minimizing the impact of a breach or attack.
How important is it to leverage the power of AI in order to boost business performance?
AI enables businesses to increase their productivity and provide more value to their clients without having to continually scale their staff. Most importantly, AI allows staff members to focus on more strategic or service-specific goals, as the technology can aid in entry-level analysis. This is especially important for service-based companies, as staffing costs typically represent the largest expense.
Please brief our audience about the emerging trends of the new generation and how you plan to fulfill the dynamic needs of the AI-ML infrastructure.
AI and ML are aiding in addressing the increasingly complex challenges of today’s digital landscape, including compromised accounts, initial access investigations, persistence establishment, and hostile attacks such as ransomware. Additionally, due to the shift towards remote work and the maturation of most programs, we are now facing a new challenge of monitoring the use of intellectual property in terms of how it is shared and utilized.
What would be your valuable advice for budding entrepreneurs and industry professionals?
My advice would be to first understand your pain threshold and determine if you have a partner or network of friends that are in lockstep with your drive to be successful. If you’re going at it alone, be aware of how much risk you’re willing to take on.
If you’re working with your significant other or family, be mindful of their pain points and your timeframe to avoid them. It could be a financial or time commitment. Knowing these things ahead of time will allow you to fully commit and go all in with a support network behind you to keep you on track.
How do you plan to scale up DirectDefense’s growth curve in 2023 and beyond?
While technology plays a crucial role, we primarily focus on building and nurturing our established networks for hiring trained talent since we are the company that provides the bodies to achieve our clients’ goals. We actively engage with potential employees from schools, the armed forces, and even high schools to tap into the next generation of security practitioners. By combining our strong recruitment strategy with cutting-edge technology, we aim to expand our reach and achieve even greater success in 2023 and beyond.
Jim Broome,
President and CTO at DirectDefense
Jim Broome is a seasoned IT/IS veteran with more than 20 years of information security experience in both consultative and operational roles. Jim leads DirectDefense, where he is responsible for the day-to-day management of the company, as well as providing guidance and direction for our service offerings.
Previously, Jim was a Director with AccuvantLABS where he managed, developed, and performed information security assessments for organizations across multiple industries. Prior to AccuvantLABS, Jim was a Principal Security Consultant with Internet Security Systems (ISS) and their X-Force penetration testing team.